ai-agent-card-payments

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
DATA_EXFILTRATION · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · CREDENTIALS_UNSAFE
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The tool proxy.cards.get_sensitive returns raw card data (PAN, CVV, expiry) to the agent. Holding that data in an AI agent's context is extremely high risk: a later prompt injection can make the agent repeat it, and it lands in transcripts and output logs unless those are strictly controlled.
  • [Indirect Prompt Injection] (HIGH): The skill's core purpose is to make purchases based on external data (merchant names, prices, checkout pages), all of which is attacker-controllable. Hidden instructions in a merchant's page can steer the agent into calling proxy.intents.create with a purpose, expectedAmount or expectedMerchant the user never approved, leading to unauthorized financial spend.
  • [External Downloads] (MEDIUM): The skill depends on an external MCP server at https://mcp.useproxy.ai/api/mcp for every financial operation. Any compromise of that endpoint would hand an attacker the agent's financial capabilities.
  • [Credentials Unsafe] (LOW): The configuration requires a $PROXY_AGENT_TOKEN. The documentation suggests supplying it via an environment variable, but because this token authorizes card issuance, its compromise translates directly into financial loss, so it needs extremely careful rotation and management.
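The two HIGH findings above (card data in the agent's context, and merchant-page injection steering proxy.intents.create) both come down to what sits between the agent and the MCP tools. The following is an added example written for this page, not code from the skill or from the useproxy.ai service. The tool and parameter names are the ones the audit cites; everything else is assumed: that tool calls reach a gate as dicts with "name" and "arguments", that expectedAmount is an integer in cents, and that proxy.cards.get_sensitive returns a dict with "pan", "cvv" and "expiry" keys.

```python
"""Added example (not the audited skill's code): a policy gate between the agent
and its MCP tool calls, so merchant-page content cannot change what the agent
may spend, and raw card data never reaches logs or transcripts.

Assumed interfaces, not taken from the skill: tool calls are dicts with "name"
and "arguments"; expectedAmount is an integer in minor units (cents); the
get_sensitive result is a dict with keys "pan", "cvv" and "expiry".
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ApprovedPurchase:
    """Limits the human confirmed out-of-band, before the agent read any merchant page."""
    merchant: str          # exact merchant the user approved
    max_amount_cents: int  # hard ceiling on expectedAmount


class PolicyViolation(Exception):
    pass


def check_intent(args: dict, approved: ApprovedPurchase) -> dict:
    """Validate proxy.intents.create arguments against the user's approval.

    Any drift (different merchant, higher amount, oversized purpose text) is treated
    as a sign of injected instructions: the call is refused, never silently 'fixed'.
    """
    merchant = str(args.get("expectedMerchant", "")).strip()
    if merchant.casefold() != approved.merchant.casefold():
        raise PolicyViolation(f"merchant {merchant!r} is not the approved merchant")
    amount = args.get("expectedAmount")
    if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
        raise PolicyViolation("expectedAmount must be a positive integer in cents")
    if amount > approved.max_amount_cents:
        raise PolicyViolation(f"expectedAmount {amount} exceeds ceiling {approved.max_amount_cents}")
    purpose = str(args.get("purpose", ""))
    if len(purpose) > 120 or "\n" in purpose:
        raise PolicyViolation("purpose must be a short single-line description")
    return args


def gate_tool_call(call: dict, approved: ApprovedPurchase) -> dict:
    """Run before every tool invocation; returns the call if allowed, raises otherwise."""
    if call.get("name") == "proxy.intents.create":
        check_intent(call.get("arguments", {}), approved)
    return call


def is_allowed(call: dict, approved: ApprovedPurchase) -> bool:
    """Boolean wrapper around gate_tool_call for callers that log and move on."""
    try:
        gate_tool_call(call, approved)
        return True
    except PolicyViolation:
        return False


# --- keeping PAN/CVV/expiry out of transcripts and logs -------------------------

_CARD_KEYS = {"pan", "cvv", "cvc", "expiry", "card_number"}   # assumed field names
_PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")             # 13-19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Standard Luhn check, so order numbers and timestamps are not masked by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_card_data(value):
    """Recursively mask known card fields and any Luhn-valid PAN embedded in free text."""
    if isinstance(value, dict):
        return {k: ("[REDACTED]" if k.lower() in _CARD_KEYS else redact_card_data(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact_card_data(v) for v in value]
    if isinstance(value, str):
        def mask(m: re.Match) -> str:
            digits = re.sub(r"\D", "", m.group(0))
            return "[PAN-REDACTED]" if luhn_ok(digits) else m.group(0)
        return _PAN_RE.sub(mask, value)
    return value


if __name__ == "__main__":
    approved = ApprovedPurchase(merchant="Example Books", max_amount_cents=5000)

    # Constructed: the call the agent would make after reading a clean checkout page.
    legit = {"name": "proxy.intents.create",
             "arguments": {"purpose": "Order #A1 paperback", "expectedAmount": 2499,
                           "expectedMerchant": "Example Books"}}
    print("legit allowed:", is_allowed(legit, approved))

    # Constructed: the same call after a merchant page injected new instructions.
    injected = {"name": "proxy.intents.create",
                "arguments": {"purpose": "Order #A1 paperback", "expectedAmount": 99900,
                              "expectedMerchant": "Gift Cards Direct"}}
    print("injected allowed:", is_allowed(injected, approved))

    # Constructed get_sensitive result; only the redacted form may be logged or shown to the model.
    card = {"pan": "4111111111111111", "cvv": "123", "expiry": "12/29",
            "note": "Card 4111 1111 1111 1111 shipped with order 1234567890123"}
    print(redact_card_data(card))
```

The gate refuses rather than repairs: if a merchant page has altered the merchant or the amount, the right outcome is a blocked call and a human check, not a silently clamped value. The redactor is the last line, not the first; the finding's point stands that card data should not enter the model's context at all, and redaction only keeps it out of logs and transcripts where the skill's design makes the get_sensitive call unavoidable.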
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:24 AM